好英语网使用Zoom,风险自负
Ever since many of us started working from home in the coronavirus pandemic, I’ve been invited to countless gatherings taking place on Zoom, the videoconferencing app. Virtual happy hours, work meetings, dinners, you name it.
自从许多人因为新冠病毒疫情开始居家办公以来,我多次被邀请参加使用视频会议应用程序Zoom进行的聚会。不但有虚拟欢乐时光,还有虚拟工作会议、晚餐等等。
I’ve been a no-show, and it’s not just because my hair has grown embarrassingly long. It’s because I have a fundamental problem with Zoom.
我始终失约,不仅仅因为我的头发长到令人尴尬的地步。我失约是因为我压根不喜欢Zoom。
Let me first say I understand why Zoom has been so popular in the pandemic. The company designed its app to be free and extremely easy to use; in tech lingo, we call it “frictionless.” Even our friends and relatives with zero technical know-how can join a Zoom meeting just by clicking a link. Then, voilà, you are looking at a screen with familiar faces and can begin chatting away.
首先我得说,我明白为什么Zoom在疫情期间如此受欢迎。该公司将其应用程序设为免费,而且极其易于使用;在技术术语中,我们管这个叫“无阻”设计。即使我们的科技零基础的亲朋好友也能通过点击一个链接加入Zoom聚会。然后,哇,你就在屏幕上看到一个个熟悉的面孔并可以马上开始聊天了。
At least 200 million of us, desperate to see people outside our homes, now use Zoom, up from 10 million a few months ago. Many of us use it for free, though Zoom also has a paid product. For lots of us, it’s a lifeline to see and converse with a friend or relative.
我们之中,至少有2亿迫切希望见到家人以外的人现在用上了Zoom,而几个月前,使用Zoom的只有1000万人。我们之中的许多人在免费使用Zoom,尽管它也有一个付费的产品。能与亲戚朋友见面并交谈,对于我们很多人来说,它简直就是救命的稻草。
But for the last year, I’ve been wary of the app. Zoom has had multiple privacy snafus in that period, which have come up so frequently that they became a game of Whac-a-Mole.
但是过去一年,我一直对这个应用程序保持警惕。在那段时期,Zoom曾出现过多次隐私隐患,频率之高,简直犹如打地鼠一般。
The missteps included a weakness that would have allowed malware to attach to Zoom and hijack our web cameras. The issues with basic security practices culminated with “Zoombombing,” in which trolls crashed people’s video meetings and bombarded them with inappropriate material like pornography.
隐患包括一个可能导致恶意软件附着到Zoom上并劫持摄像头的漏洞。基本安全措施问题的高峰是“Zoom轰炸”(Zoombombing)的出现,捣乱者闯入人们的视频会议,不断用色情等不良内容轰炸他们。
In a blog post last week, Zoom’s chief executive, Eric Yuan, apologized for all the mistakes and said the recent problems had largely been addressed. The company promised to focus on fixing its privacy and security issues over the coming months; it reiterated the plan on Wednesday.
Zoom首席执行官袁征上周在一篇博客文章中为所有错误表示歉意,并表示最近出现的问题已经基本得到解决。该公司承诺将在未来几个月内集中解决隐私和安全问题。它在周三重申了该计划。
If there is something déjà vu about all of this, you aren’t wrong. That’s because we find ourselves dealing with the same situation over and over again, focusing on the convenience of easy-to-use tech products over issues like data security and privacy.
如果所有这些让你有似曾相识感觉的话,你的感觉没错。那是因为我们一次又一次地处理着相同的情况,专注于科技产品在使用上的便利性,而忽视数据安全和隐私等问题。
We went through this not long ago with Ring, the doorbell camera, another product with a catchy name. Ring, which is owned by Amazon, became popular during another crummy situation: an increase in the petty crime of package thefts. It was also easy to install. But despite glowing customer reviews, Ring became mired in privacy scandals, including one that involved hackers hijacking the Ring cameras of multiple families.
不久前,我们在门铃摄像头Ring上——另一个名字琅琅上口的产品——也经历了同样的问题。由于盗窃包裹的轻微犯罪上升,在这个令人恼火的情况下,亚马逊旗下的Ring变得流行起来。它的安装也很简便。但是,尽管好评连连,Ring还是陷入了隐私丑闻中,包括一桩涉及黑客劫持多户人家Ring摄像头的事件。
The lesson is one we need to learn and relearn. When a company fails to protect our privacy, we shouldn’t just continue to use its product — and tell the people we care about to use it — just because it works well and is simple to use. Once we lose our privacy, we rarely get it back again.
这样的教训,我们需要一再学习。当一家公司未能保护我们的隐私时,我们不应该仅仅因为方便好用而坚持使用它的产品,甚至让我们关心的人也一起使用。隐私一旦丢失,就很难回来了。
“There’s a revolving door,” said Matthew Guariglia, a policy analyst for the Electronic Frontier Foundation, a digital rights nonprofit. “When you give your data to one company, you have no idea who else is going to have access to it, because so much of it happens behind the black box of company secrecy.”
“来来回回总是如此,”数字权益非营利组织电子前沿基金会(Electronic Frontier Foundation)的政策分析师马修·瓜里利亚(Matthew Guariglia)说。“当你将你的数据提供给一家公司时,根本不知道还有谁可以访问它,因为许多都发生在公司的秘密黑匣子背后。”
The onus is certainly on Zoom, not us, to fix the privacy and security problems of its app. But we can put pressure on Zoom by not accepting the situation. If you do use Zoom, do so with caution and strong security settings. More on this later.
解决应用程序的隐私和安全问题肯定是Zoom的责任,而不是我们的责任。但是我们可以对Zoom施加压力,拒绝接受这种情况。如果你的确需要使用Zoom,请谨慎使用并将安全性设置提高。稍后再详细介绍。
Zoom’s Privacy and Security Issues
Zoom的隐私和安全问题
Let’s first take a closer look at why Zoom has been under the microscope. The issues boil down to two main things: its privacy policy and the architecture of its security.
首先,让我们仔细研究一下,为什么Zoom一直被遭到仔细审查。问题主要归结为两点:隐私政策和安全架构。
Zoom’s privacy policy
Zoom的隐私政策
Zoom recently announced that it had revised its privacy policy to be clearer and more transparent. In it, the company emphasized that it does not and has never sold people’s personal data, and has no plans to.
Zoom最近宣布已经修改了隐私政策,使其更加清晰和透明。公司在声明中强调,无论过去、现在还是将来,都不会出售人们的个人数据。
But the policy does not address whether Zoom shares data with third parties, as companies such as Apple and Cisco explicitly state in their privacy policies.
但该政策并未涉及Zoom是否与第三方共享数据,苹果(Apple)和思科(Cisco)等公司在其隐私政策中都明确指出了这一点。
This is a notable omission. Tech companies can monetize user data in many ways without directly selling it, including by sharing it with other companies that mine the information for insights, according to research published by the M.I.T. Sloan School of Management. In some cases, tools to collect data from users are “rented” to third parties. Such practices would technically make it true that your personal data was not “sold,” but a company would still make money from your data.
这一缺失值得注意。麻省理工学院斯隆管理学院(M.I.T. Sloan School of Management)发表的研究报告显示,科技公司无需直接出售也可以通过多种方式将用户数据货币化,包括与其他挖掘用户信息以获取深入知识的公司共享数据。在某些情况下,收集用户数据的工具被“租借”给第三方。这种做法在技术上可以使你的个人数据不被“出售”,但公司仍然可以用你的数据赚钱。
Lynn Haaland, Zoom’s global risk and compliance officer, said the company does not anonymize or aggregate user data or rent it out in exchange for money.
Zoom的全球风险和合规负责人林恩·哈兰德(Lynn Haaland)表示,公司不会匿名或汇总用户数据,也不会出租数据赚钱。
So why is this not addressed in the privacy policy?
那么,为什么隐私政策中没有提到这一点呢?
“We try to be clear here about what we do do with the data,” Ms. Haaland said about the updated policy. “Sometimes when you try to list all the things you don’t do with data, if you leave one out, then people say, ‘Oh, well, you must be doing that.’"
“我们试图在这里澄清我们确实如何处理这些数据,”哈兰德在谈到新政策时说。“有时候,当你试图列出所有和数据无关的事情时,如果漏掉了一件,人们会说,‘哦,好吧,你一定是在这么做。’”
Zoom's security flaws
Zoom的安全缺陷
While Zoom has worked furiously to plug the security holes that have emerged in the last few weeks, its products for Windows and Mac computers have weaker security by design.
虽然Zoom公司一直在努力修补过去几周出现的安全漏洞,但其针对Windows和Mac电脑的产品在安全上较弱是有意而为。
That is largely because the company opted not to provide its app through Apple’s official Mac app store or the Microsoft Windows app store. Instead, consumers download it directly from the web. In this way, Zoom’s software avoids living in a so-called sandboxed environment, which would have restricted its access to Apple and Microsoft operating systems.
这主要是因为公司选择不通过苹果官方的Mac应用商店或微软的Windows应用商店提供其应用程序,而是由消费者直接从网上下载。通过这种方式,Zoom公司的软件避免了限制其访问苹果和微软操作系统的所谓沙箱环境。
As a result, Zoom is able to gain access to deeper parts of the operating systems and their web browsers. That is largely what makes Zoom sessions so simple to join.
这样一来,Zoom就能够访问两种操作系统及其网络浏览器的更深层部分。这在很大程度上使得Zoom会话非常容易加入。
By choosing to circumvent safer methods for installing its app, Zoom has opted for weaker security architecture, said Sinan Eren, chief executive of Fyde, an app security firm.
应用安全公司Fyde首席执行官斯南·埃伦(Sinan Eren)表示,通过绕过更安全的安装方法,Zoom公司选择了较弱的安全架构。
“They want to make the installation process a lot easier and streamlined, but at the same time they want deeper hooks into the operating system so they can collect more things,” he said. “That also exposes us to potential vulnerabilities.”
“他们想让安装过程更简单流畅,但同时他们想让软件进入到操作系统的更深层次,这样他们就能收集更多东西,”他说。“这也让我们受到它潜在弱点的影响。”
Zoom declined to comment on its security architecture.
Zoom拒绝就其安全架构置评。
Use Zoom at Your Own Risk
使用Zoom,风险自负
So what to do? In these difficult times, many of us have no better option than to use Zoom. So here are some steps to keep in mind.
那么,该怎么做呢?在困难时期,我们中的许多人没有比Zoom更好的选项。这里有一些步骤要记住。
• Use Zoom with caution. In general, it’s safer to use Zoom on a mobile device, like an iPad or an Android phone, than on a Mac or Windows PC. Mobile apps operate in a more restricted environment with limited access to your data. In addition, apps served through the App Store or Play store undergo a review process by Apple and Google that include an inspection for security vulnerabilities.
• 使用Zoom时,保持警惕。总的来说,在平板电脑或安卓手机等移动设备上使用Zoom比在Mac或Windows电脑上使用更安全。移动应用在一个更严格的环境下运行,对数据的访问也受到限制。此外,通过App Store或Play应用商店上架的应用程序必须接受苹果和谷歌的审核,其中包括对安全漏洞的检查。
• Also, be sure to turn on Zoom security settings, like meeting passwords, to prevent unwanted guests from Zoombombing your sessions.
• 另外,一定要打开Zoom的安全设置,如会议密码,以防止不速之客突然“轰炸“您的会议。
• Last but not least, be mindful of what it means to tell others to use a product with weak data security. Try to avoid using it for sensitive matters, like work meetings that discuss trade secrets.
• 最后但同样重要的是,要了解告诉别人使用一款数据安全系数低的产品意味着什么。尽量避免用它谈论敏感议题,比如召开讨论商业机密的工作会议。
• If you are concerned about privacy, try an alternative. There are video chatting tools from companies with better reputations, like Google’s Hangouts, Cisco’s Webex and FaceTime for Apple devices. These products may not be as simple to use as Zoom, but they work and you can worry less.
• 如果你对隐私仍存疑虑,试着使用一款替代产品。还有一些声誉更好的公司提供的视频聊天工具,比如谷歌Hangouts、思科Webex以及苹果设备上的FaceTime。这些产品可能不像Zoom那样使用简便,但它们确实能用,你也可以少些担心。
A product’s being great just isn’t good enough if it’s lousy at protecting our privacy. Many people appear to have learned this lesson already and have reacted accordingly. Elon Musk’s rocket company,SpaceX, barred employees from using Zoom. New York City’s school district recently banned Zoom for online learning.
如果一个产品在保护我们的隐私方面做得很糟糕,那么它还远远不够优秀。许多人似乎已经吸取了这一教训,并作出了相应的反应。埃隆·马斯克(Elon Musk)的火箭公司SpaceX已经禁止员工使用Zoom。纽约市学区最近也已禁止使用Zoom在线学习。
And us? It may be our turn to pause, too.
而我们呢?也许我们也该暂停了。